Feel like I am missing something easy and could use a nudge. I have the first password and I feel like I’m just sitting here playing guess the email. What am I missing? I have tried generating a bunch of potential things based on clues in other pages.
It is a bit of “guess the email” but this is pretty much the crux of enumeration. There is enough information available on the various bits you have access to, so that you can “guess” the email you need.
However, it might be better to use the information to create a wordlist then try a password spray attack.
I have access to the login creds and t******.php, but I need help with my payload. I can get commands to execute (from what I can tell), but I can’t get anything useful to run successfully.
I’m still stuck guessing a valid username after taking these steps. I tried a lot of combinations. Any more hints?
Finally got user flag! The foothold was quite frustrating! I’m trying to spawn the reverse shell but I’m stuck! A nudge would be very welcome. Now I am trying to decrypt a hash, the password doesn’t seem to be in rock***.
Edit: Rooted. PM me for nudges.
I had to try about 20k combinations before getting it, for what it’s worth
Anyone got any tips for root? I am just absolutely clueless as for what to do here, which is weird because according to everyone else this is the easiest part…
I don’t know why but yesterday I could get the user, and today I can’t find any new tickets created, the search always returns 200 empty responses, after posting a new correct ticket, the box has been reset two times… bored
Are you using the right URL? One of them tends to not return anything for that request.
Just completed. Nice box for a rainy Sunday afternoon.
Overall logic seems to be similar to other machines of the author (or it’s perhaps just a subjective impression of mine). I would give it a decent 30 points rather than 40, but it’s again only my evaluation.
My three cents:
Initial Foothold:
Everything has already been written, including required tooling so I can only confirm that it was the most painful part.
User1:
Evaluate the app, do some googling after evaluating the traffic. There are some nice articles on the Internet. Split what’s complicated into parts.
User2:
See what else is running on the box. Read some code. Get access. If you cannot break what you need (or it requires too much work) then perhaps just change it. Simple scripting and you are there (you can reuse your tooling from initial foothold).
Root:
Stay where you are. Basic enum and do not be shy, just get in.